Virtual private access systems and methods implemented in a clientless manner on a user device are disclosed. The systems and methods include receiving a request to access resources from a Web browser on the user device at an exporter in a cloud system. The resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet. The systems and methods also include performing a series of connections between the exporter and i) the Web browser and ii) centralized components to authenticate a user of the user device for the resources. The systems and methods further include, subsequent to authentication, exchanging data between the Web browser and the resources through the exporter. The exporter has a first secure tunnel to the Web browser and a second secure tunnel to the resources.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A virtual private access method implemented in a clientless manner on a user device, the method comprising: receiving a request to access resources from a Web browser on the user device at an exporter in a cloud system, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; performing a series of connections between the exporter and i) the Web browser and ii) centralized components comprising a crypto service, database, cookie store, and Security Assertion Markup Language (SAML) Service Provider (SP) component to authenticate a user of the user device for the resources including receiving an authentication cookie from the web browser and obtaining an assertion from the cookie store for clientless authentication; and subsequent to authentication, exchanging data between the Web browser and the resources through the exporter, wherein the exporter has a first secure tunnel to the Web browser and a second secure tunnel to the resources, wherein the exporter redirects the SAML SP, and wherein the SAML SP redirects to an Identity Provider (IDP) of the user device and determines the authentication cookie based on the assertion, the assertion being received from the IDP and provided to the cookie store.
2. The virtual private access method of claim 1 , further comprising: prior to the request, uploading a private and public key to the centralized components via an Application Programming Interface (API); and encrypting and storing the private key in the database.
3. The virtual private access method of claim 1 , wherein the request is sent to an address of the resources and changed via a Domain Name System (DNS) server to an address of the exporter.
4. The virtual private access method of claim 3 , wherein the address of the exporter resolves to a nearest cloud node.
5. The virtual private access method of claim 1 , wherein the user device sends the request via Transmission Control Protocol (TCP) port 80 and after the receiving, the exporter redirects the user device to TCP port 443 based on determining an address of the resources relates to virtual private access.
6. The virtual private access method of claim 1 , wherein the exporter utilizes Server Name Indication (SNI) to determine a certificate to present, wherein the certificate is encrypted and obtained from the database and the crypto service decrypts the certificate and authenticates the exporter.
7. The virtual private access method of claim 1 , wherein the exporter authenticates to a broker of the cloud system using the assertion obtained from the cookie store.
8. A cloud system adapted to implement virtual private access with a user device in a clientless manner, the cloud system comprising: one or more cloud nodes communicatively coupled to one another; wherein each of the one or more cloud nodes comprises one or more processors and memory storing instructions that, when executed, cause the one or more processors to receive a request to access resources from a Web browser on the user device, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; perform a series of connections between i) the Web browser and ii) centralized components comprising a crypto service, database, cookie store, and Security Assertion Markup Language (SAML) Service Provider (SP) component to authenticate a user of the user device for the resources including receiving an authentication cookie from the web browser and obtaining an assertion from the cookie store for clientless authentication; and subsequent to authentication, exchange data between the Web browser and the resources through the cloud node, wherein the cloud node has a first secure tunnel to the Web browser and a second secure tunnel to the resources, wherein the exporter redirects the SAML SP, and wherein the SAML SP redirects to an Identity Provider (IDP) of the user device and determines the authentication cookie based on the assertion, the assertion being received from the IDP and provided to the cookie store.
9. The cloud system of claim 8 , wherein, prior to the request, a private and public key is uploaded to the centralized components via an Application Programming Interface (API) and the private key is encrypted and stored in the database.
10. The cloud system of claim 8 , wherein the request is sent to an address of the resources and changed via a Domain Name System (DNS) server to an address of the cloud node.
11. The cloud system of claim 10 , wherein the address of the cloud node resolves to a nearest cloud node.
12. The cloud system of claim 10 , wherein the user device sends the request via Transmission Control Protocol (TCP) port 80 and after the receiving, the exporter redirects the user device to TCP port 443 based on determining an address of the resources relates to virtual private access.
13. The cloud system of claim 10 , wherein the cloud node utilizes Server Name Indication (SNI) to determine a certificate to present, wherein the certificate is encrypted and obtained from the database and the crypto service decrypts the certificate and authenticates the exporter.
14. The cloud system of claim 10 , wherein the exporter authenticates to a broker of the cloud system using the assertion obtained from the cookie store.
15. A non-transitory computer-readable medium comprising instructions that, when executed, cause a processor to perform the steps of: receiving a request to access resources from a Web browser on a user device at an exporter in a cloud system, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; performing a series of connections between the exporter and i) the Web browser and ii) centralized components comprising a crypto service, database, cookie store, and Security Assertion Markup Language (SAML) Service Provider (SP) component to authenticate a user of the user device for the resources including receiving an authentication cookie from the web browser and obtaining an assertion from the cookie store for clientless authentication; and subsequent to authentication, exchanging data between the Web browser and the resources through the exporter, wherein the exporter has a first secure tunnel to the Web browser and a second secure tunnel to the resources, wherein the exporter redirects the SAML SP, and wherein the SAML SP redirects to an Identity Provider (IDP) of the user device and determines the authentication cookie based on the assertion, the assertion being received from the IDP and provided to the cookie store.
16. The non-transitory computer-readable medium of claim 15 , wherein the instructions, when executed, further cause the processor to perform the steps of: prior to the request, receiving a private and public key at the centralized components via an Application Programming Interface (API); and encrypting and storing the private key in the database.
17. The non-transitory computer-readable medium of claim 15 , wherein the request is sent to an address of the resources and changed via a Domain Name System (DNS) server to an address of the exporter.
18. The non-transitory computer-readable medium of claim 15 , wherein the exporter authenticates to a broker of the cloud system using the assertion obtained from the cookie store.
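The claims above describe a protocol rather than an implementation. The following is an added example, not the patentee's code, that walks one browser session through the components the claims name: the port 80 to 443 redirect of claims 5 and 12, SNI-based certificate selection with the private key held encrypted in the database and released only by the crypto service (claims 2, 6, 9, 13 and 16), the authentication cookie that the SAML SP mints after the IdP assertion lands in the cookie store (claims 1, 8 and 15), and the exporter presenting that assertion to the broker (claims 7, 14 and 18). Host names, key material, the HMAC that stands in for a SAML signature and the toy cipher inside `CryptoService` are all assumptions for illustration.

```python
"""Constructed walk-through of the clientless virtual private access flow in the
claims above (added example, not the patentee's code). Host names, keys and the
toy cipher are illustrative assumptions."""
import hashlib, hmac, json, os, secrets, time

VPA_HOSTS = {"intranet.example.corp"}  # assumption: hosts whose DNS now resolves to the exporter


class CryptoService:
    """Only this component holds the master key; the database never sees a plaintext private key."""
    def __init__(self, master_key):
        self._k = master_key

    def _keystream(self, nonce, n):
        return b"".join(hashlib.sha256(self._k + nonce + i.to_bytes(4, "big")).digest()
                        for i in range(n // 32 + 1))[:n]

    def encrypt(self, plaintext):
        # Toy encrypt-then-MAC (SHA-256 counter mode + HMAC); assumption, a real service would use an AEAD.
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(plaintext, self._keystream(nonce, len(plaintext))))
        return nonce + ct + hmac.new(self._k, nonce + ct, hashlib.sha256).digest()

    def decrypt(self, blob):
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(self._k, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("stored private key was tampered with")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))


def upload_key(db, crypto, host, cert_pem, key_pem):
    """Key pair arrives over the API; only the encrypted private key is stored (claims 2, 9, 16)."""
    db[host] = {"cert": cert_pem, "enc_key": crypto.encrypt(key_pem)}


def sign(key, body):
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class IdentityProvider:
    """Assumption: an HMAC over the JSON body stands in for the XML signature on a real SAML assertion."""
    def __init__(self, signing_key):
        self._k = signing_key

    def issue(self, subject, audience, ttl=300):
        body = {"subject": subject, "audience": audience, "exp": int(time.time()) + ttl}
        return {**body, "sig": sign(self._k, body)}


class SamlSP:
    """Verifies the IdP assertion, parks it in the cookie store and mints the authentication cookie."""
    def __init__(self, signing_key, cookie_store):
        self._k, self.cookie_store = signing_key, cookie_store

    def login_url(self, host):
        return f"https://idp.example.com/sso?audience={host}"  # assumption

    def consume_assertion(self, assertion):
        body = {k: v for k, v in assertion.items() if k != "sig"}
        if not hmac.compare_digest(sign(self._k, body), assertion.get("sig", "")):
            return None  # forged or altered assertion: no cookie is issued
        cookie = secrets.token_urlsafe(32)
        self.cookie_store[cookie] = assertion
        return cookie


class Exporter:
    def __init__(self, db, crypto, cookie_store, sp, broker_accepts):
        self.db, self.crypto, self.cookie_store = db, crypto, cookie_store
        self.sp, self.broker_accepts = sp, broker_accepts

    def select_certificate(self, sni):
        entry = self.db.get(sni)
        if entry is None:
            return None  # no fallback certificate: never answer an SNI the system does not own
        return entry["cert"], self.crypto.decrypt(entry["enc_key"])

    def handle_request(self, host, port, cookie=None):
        if port == 80:  # only hosts that relate to virtual private access are bounced to 443 (claim 5)
            return {"status": 301, "location": f"https://{host}/"} if host in VPA_HOSTS else {"status": 404}
        if self.select_certificate(host) is None:
            return {"status": 421}  # misdirected request: no certificate for this SNI
        assertion = self.cookie_store.get(cookie)
        if assertion is None or assertion["exp"] <= time.time() or assertion["audience"] != host:
            return {"status": 302, "location": self.sp.login_url(host)}  # start the SAML round trip
        if not self.broker_accepts(assertion):  # exporter authenticates to the broker with the assertion
            return {"status": 403}
        return {"status": 200, "subject": assertion["subject"],
                "tunnels": ["browser->exporter", f"exporter->{host}"]}


def build_system():
    crypto, sp_key, db, cookie_store = CryptoService(os.urandom(32)), os.urandom(32), {}, {}
    upload_key(db, crypto, "intranet.example.corp", b"-----CERT-----", b"-----PRIVATE KEY-----")
    sp = SamlSP(sp_key, cookie_store)
    broker = lambda a: a["subject"].endswith("@example.corp")  # assumption: broker policy
    return Exporter(db, crypto, cookie_store, sp, broker), IdentityProvider(sp_key), sp


def demo():
    """Returns the HTTP status of each step of one browser session."""
    exporter, idp, sp = build_system()
    host = "intranet.example.corp"
    steps = [exporter.handle_request(host, 80)["status"]]               # redirect to https
    steps.append(exporter.handle_request(host, 443)["status"])          # no cookie: off to the IdP
    cookie = sp.consume_assertion(idp.issue("alice@example.corp", host))
    steps.append(exporter.handle_request(host, 443, cookie)["status"])  # authenticated, data flows
    return steps
```

The checks a practitioner would want are the ones the claims leave implicit: the cookie is an opaque handle, so the exporter re-validates expiry and audience on every request from the stored assertion rather than trusting the cookie; an unknown SNI gets no certificate at all instead of a default one; and the assertion, not the cookie, is what is presented to the broker.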
May 23, 2018
April 7, 2020